這篇文章次要介紹了 PHP curl 偽造 IP 地址和 header 資訊代碼執行個體, 本文給出伺服器端和用戶端實現代碼, 提供偽造性能和伺服器端檢測代碼, 须要的敌人能够參考下
curl 雖然性能強大,然而只能偽造 $_SERVER[“HTTP_X_FORWARDED_FOR”],對於大多數 IP 地址檢測程式來說,$_SERVER[“REMOTE_ADDR”] 很難被偽造:
首先是 client.php 的代碼
代碼如下:
$headers[‘CLIENT-IP’] = ‘202.103.229.40’;
$headers[‘X-FORWARDED-FOR’] = ‘202.103.229.40’;
$headerArr = array();
foreach($headers as $n => $v) {
$headerArr[] = $n .’:’ . $v;
}
ob_start();
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, “http://localhost/curl/server.php”);
curl_setopt ($ch, CURLOPT_HTTPHEADER , $headerArr); // 構造 IP
curl_setopt ($ch, CURLOPT_REFERER, “http://www.163.com/ “); // 構造來路
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_exec($ch);
curl_close ($ch);
$out = ob_get_contents();
ob_clean();
echo $out;
然後是 server.php
代碼如下:
function GetIP(){
if(!emptyempty($_SERVER[“HTTP_CLIENT_IP”]))
$cip = $_SERVER[“HTTP_CLIENT_IP”];
else if(!emptyempty($_SERVER[“HTTP_X_FORWARDED_FOR”]))
$cip = $_SERVER[“HTTP_X_FORWARDED_FOR”];
else if(!emptyempty($_SERVER[“REMOTE_ADDR”]))
$cip = $_SERVER[“REMOTE_ADDR”];
else
$cip = “ 無法擷取!”;
return $cip;
}
echo “
訪問 IP: “.GetIP().”
“;
echo “
訪問來路: “.$_SERVER[“HTTP_REFERER”];
相干文章:監控伺服器 swap 並重啟 php 的 Shell 指令碼_linux shell